====Mulyadi Santosa message======
Just trying to clear up some doubts:
1. Which chain(?) do you use ? pre routing? post routing?
2. How do you inject the packet back to the kernel?
=====end====
I am using the IP_FORWARD chain to capture the packet.
To insert the packet back into the ip stack, I am using ipq_set_verdict() mechanism provided by the ip_queue module.
Can any body tell/guide me how can I intercept the packet at PRE_ROUTING stage. Any sample program/code snippet will be really useful.
--
Thanks & Regards,
Gaurav Aggarwal
On 9/18/07, Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx
> wrote:
Hi...
> Hi,
>
> I'm using ip_tables and ip_queue modules to trap the packets from IP stack
> to a userspace VPN product, using nothing but standard kernel modules (and
> my own VPN proxy app). The packets flowing into or out of the machine get
> diverted to a userspace application (actually a VPN client), where src/dest
> addresses are modified if needed, and then injected back into the local IP
> stack.
>
Just trying to clear up some doubts:
1. Which chain(?) do you use ? pre routing? post routing?
2. How do you inject the packet back to the kernel?
My raw hypothese: there is a chance you put back the packet into
postrouting chain. The network stack realize it, but since it's already
queued for outer destination, it gave you the error message instead.
regards,
Mulyadi
--
Regards,
Gaurav Aggarwal
